tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Weaver <>
Subject in Tomcat container-based authN is there a way to redirect logins to a URL?
Date Thu, 07 Feb 2008 14:45:37 GMT

I'm having trouble finding a way (maybe it is because it isn't 
possible?) of making Tomcat send users to the relative URL 
"/Shibboleth.sso/Login" (not served by Tomcat) in order to login if the 
Tomcat session times out, etc.

Is there a way to do that?

Basically the intent is that it would be a workaround for an issue we're 
having. Typically when I use the Shibboleth protected web application, 
apache intercepts attempts to access the web app (via mod_shib) and 
Shibboleth handles all of the authN and passes REMOTE_USER header to 
Tomcat (via mod_jk) after which I am already authenticated to Bedework 
(which uses Tomcat container-based auth). However, when some other users 
try to access that same web application, they are consistently sent to 
Tomcat's grey login screen (which doesn't use Shib, so it won't 
recognize their user). When I leave my browser open too long (like 
overnight), I also see the same issue. I tried changing Tomcat's 
session-timeout to 1 minute (and restarting Tomcat) and authenticating 
and then waiting a few minutes and trying to access the web application 
again to see if it was that, but that didn't cause any problem. Mike 
Douglass of Bedework suggested that I try disabling container-based 
authN, so I tried commenting out the security-contraints, login-config, 
and security-roles of the web.xml of the webapp that showed this 
behavior (and rebuilt, redeployed, restarted Tomcat) and I was still 
able to login via Shibboleth, but now the two users that consistently 
are able to reproduce the issue got "Exception: Null user parameter for 
public admin." in the Bedework app, and I get the same error now if I 
leave my browser open overnight and try to access the web application.

I would think that if it were possible to configure Tomcat to redirect 
to Shibboleth's login, that might be the best option. Does anyone know 
of a way to redirect Tomcat to point at some other URL, specifically the 
relative URL "/Shibboleth.sso/Login" (not served by Tomcat)?

Thanks in advance,

Gary Weaver
Internet Framework Services
Office of Information Technology
Duke University

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message